Prilock Security Training Blog

Ex-CIA Prime Suspect for Vault 7 Leak

A former CIA employee has been named as the prime suspect behind last year’s leak of thousands of top-secret documents on the agency’s hacking practices.

According to the Washington Post, court documents name Joshua Adam Schulte as the person authorities believe to be behind the massive Vault 7 online dump of CIA internal documents and manuals.

Transcripts from an investigation contain multiple references to search warrants related to the Vault 7 case.

“In March of 2016, there was a significant disclosure of classified material from the Central Intelligence Agency. The material that was taken was taken during a time when the defendant was working at the agency,” prosecuting attorney Matthew Laroche is quoted as saying.

“The government immediately had enough evidence to establish that he was a target of that investigation. They conducted a number of search warrants on the defendant’s residence.”

Another January transcript made public also notes that attorneys were discussing “national security evidence that might be present in the case.”

Here’s where things get tricky: the government says it does not have enough evidence to charge Schulte with the leak. However, he is facing unrelated charges in the New York Southern District Court for possession and distribution of child abuse images.

He has pleaded not guilty to the charges.

The report says that, while the government thinks Schulte was the one who handed the cache of documents over to WikiLeaks, they do not currently have enough evidence to bring charges. Rather, he is being charged with operating a server that contained a 54GB container of child abuse content (we’re not going to label it as ‘pornography’ out of respect for adult entertainment performers).

Schulte’s lawyers have argued that he simply ran a public server and had no idea as to the contents of the encrypted container. Interestingly, court transcripts show that Schulte’s team has offered his work with the CIA, and the rigorous screenings that come with it, as arguments in his defense.

According to the report, Schulte worked for the CIA’s engineering development group until 2016, a position that would have given him access to the thousands of agency documents that were handed over to WikiLeaks in 2017.

That cache would eventually be disclosed as the “Vault 7” data dump. While it was embarrassing for the CIA to lose so many documents, the dump itself provided little in the way of juicy intel: mostly it just showed that, yes, the CIA engages in covert intelligence operations.

Most notably, the dump included details on hacking tools the agency used to compromise Windows, MacOS and iOS devices.